282 matches found
CVE-2018-1904
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533...
Code injection
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533...
CVE-2018-1904
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through an administrative client class with a serialized object from untrusted sources. IBM X-Force ID: 152533...
GHSA-26V6-W6FW-RH94 Apache Camel can allow remote attackers to execute arbitrary commands
Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request...
Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2018-1567)
Summary: There is a potential remote code execution vulnerability in WebSphere Application Server. Vulnerability Details: CVEID: CVE-2018-1567. DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized objec...
A vulnerability in CA Release Automation arises from the deserialization of untrusted data, allowing an attacker to execute arbitrary code.
A vulnerability in CA Release Automation arises from the deserialization of untrusted data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially crafted serialized object...
Remote code execution
The hotrod java client in infinispan before 9.1.0.Final automatically deserializes bytearray message contents in certain events. A malicious user could exploit this flaw by injecting a specially-crafted serialized object to attain remote code execution or conduct other attacks...
CVE-2018-1567
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024...
CVE-2018-1567
CVE-2018-1567 affects IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0. The issue allows remote attackers to execute arbitrary Java code via the SOAP connector by sending a serialized object from untrusted sources (deserialization leading to code execution). Affected product scope is WebSp...
CVE-2018-1567
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024...
Code injection
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow remote attackers to execute arbitrary Java code through the SOAP connector with a serialized object from untrusted sources. IBM X-Force ID: 143024...
CVE-2018-15691
Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code...
Oracle Weblogic Server Deserialization RCE
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object to the interface to execute code on vulnerable hosts.
CVE-2018-15503
The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV...
Security Bulletin: Multiple security vulnerabilities have been identified in Websphere Application Server shipped with IBM Operations Analytics - Log Analysis (CVE-2016-0378, CVE-2016-3040, CVE-2016-5986, CVE-2016-5983)
Summary: Websphere Application Server - Liberty profile is shipped as a component of IBM Operations Analytics - Log Analysis. Information about a cross-site scripting vulnerability affecting Websphere Application Server has been published in a security bulletin. Vulnerability Details: CVEID:...
Security Bulletin: A vulnerability in Apache ActiveMQ affects IBM Tivoli System Automation Application Manager (CVE-2015-5254)
Summary: There is a vulnerability in Apache ActiveMQ that is used by IBM Tivoli System Automation Application Manager. Vulnerability Details: CVEID: CVE-2015-5254. DESCRIPTION: Apache ActiveMQ could allow a remote attacker to execute arbitrary code on the system, caused by the failure to restrict th...
Security Bulletin: Multiple security vulnerabilities have been identified in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite (CVE-2016-0378, CVE-2016-5983 and CVE-2016-5986)
Summary: There are vulnerabilities in IBM® WebSphere Application Server Liberty shipped with IBM Security Directory Suite. Those issues were disclosed as part of the IBM WebSphere Application Server Liberty updates and it includes all vulnerabilities details. Vulnerability Details: CVEID:...
Security Bulletin: Vulnerability in IBM WebSphere Application Server affects IBM Emptoris Contract Management (CVE-2016-5983)
Summary: The IBM Emptoris Contract Management product is affected by a vulnerability that exists in the IBM Websphere Application Server. The security bulletin includes issues disclosed as part of the IBM WebSphere Application Server updates. Vulnerability Details: CVEID: CVE-2016-5983. DESCRIPTION:...
Security Bulletin: Multiple security vulnerabilities affect Liberty for Java for IBM Bluemix (CVE-2016-5573, CVE-2016-5597, CVE-2016-5983)
Summary: There are multiple vulnerabilities in the IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM SDK for Java updates in October 2016. These may affect some configurations of IBM WebSphere Application Server...
Security Bulletin: Code execution vulnerability in WebSphere Application Server (CVE-2016-5983).
Summary: There is a potential code execution vulnerability in WebSphere Application Server. Vulnerability Details: CVEID: CVE-2016-5983. DESCRIPTION: IBM WebSphere Application Server could allow remote attackers to execute arbitrary Java code with a serialized object from untrusted sources. CVSS Bas...